by Whatsblem the Pro
No less a light than R. Buckminster Fuller once said that “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”
Art sometimes requires access to tools and substances that are well beyond the pale of normal day-to-day existence; procurement of this matériel can be vital. It can also be difficult, even if you live in a place where what you need is technically legal. Try sourcing a large supply of tannerite sometime, and you may get your phone tapped or your e-mail gone through even if nobody knocks on your door to see what you’re up to. Maybe all you need for your shenanigans are some industrial-strength fireworks, but you live in an area where fireworks are tightly controlled.
Fireworks – screenshot by Whatsblem the Pro
Silk Road has rendered the existing model obsolete. The site is an online marketplace that preserves anonymity, provides escrow service and a reputation system, and allows the sale of just about anything at all.
You can’t just point your browser at Silk Road, though. The site’s servers can’t be pinpointed, and can’t even be communicated with if you’re not set up for it. Silk Road is the major player on the Deep Web, sometimes called Darknet, or Undernet. Unless you’re already anonymized, you can’t get there from here.
Tor (aka “The Onion Router”) is the big workhorse of the Deep Web. How does Tor work? From the Wikipedia entry:
How Tor works
“Tor aims to conceal its users’ identities and their network activity from surveillance and traffic analysis by separating identification and routing. It is an implementation of onion routing, which encrypts and then randomly bounces communications through a network of relays run by volunteers around the globe. These onion routers employ encryption in a multi-layered manner (hence the onion metaphor) to ensure perfect forward secrecy between relays, thereby providing users with anonymity in network location. That anonymity extends to the hosting of censorship-resistant content via Tor’s anonymous hidden service feature. Furthermore, by keeping some of the entry relays (bridge relays) secret, users can evade Internet censorship that relies upon blocking public Tor relays.
Because the Internet address of the sender and the recipient are not both in cleartext at any hop along the way, anyone eavesdropping at any point along the communication channel cannot directly identify both ends. Furthermore, to the recipient it appears that the last Tor node (the exit node) is the originator of the communication rather than the sender.”
Once you’ve got Tor installed and running, you’ll have a special Tor-hardened browser open that keeps you anonymous on the Internet. . . or does it? Not entirely, as it turns out. You still have to avoid doing things that might reveal your identity, which means your Tor-enabled browser should be the only browser open, and you must resist the temptation to do everyday things like log in to Facebook, or check your e-mail. Doing so while using Tor is actually much less secure than doing it without Tor running, because hey: people are watching. Tor does not, and by design cannot, encrypt your traffic between exit nodes and target servers. In other words, you can send and receive data all you like and nobody will know where or who you are just by looking at the flow of data, but if you yourself send information that tells where and who you are, you may be exposing your most sensitive data to hackers or law enforcement. You can expose where and who you are indirectly, as well; as an example: in September 2007, Swedish security consultant Dan Egerstad reported the interception of a large number of email account usernames and passwords by running and monitoring Tor exit nodes. Once someone has information like that, finding out who you are, where you live, and all kinds of other things about you becomes trivial.
Posting photographs without taking the necessary precautions can also compromise your identity while running Tor. Digital photos normally have what’s known as EXIF data attached to them, and the EXIF may include things like the precise GPS coordinates of where you took the picture. Scrubbing or spoofing the EXIF data is easy, but it’s also essential that you don’t skip that step if you want to upload photos and remain anonymous.
You can log in to Silk Road and lots of other Deep Web sites safely because they avoid those exit nodes that make your data sniffable and therefore vulnerable; since Silk Road also wants to remain anonymized, your requests to the site and the site’s replies to you meet and negotiate with each other at some random point in the middle of the Tor-enabled network. Again: don’t open a second browser, don’t check your e-mail, don’t sign into Facebook or other sites that know your real identity, and don’t browse web sites casually. The Deep Web is for getting in, getting what you need, and getting out.
Some popular Silk Road offerings – screenshot by Whatsblem the Pro
The best way to get to the anonymized dark side of the Internet is to boot to a CD, a USB thumb drive, or an external hard drive that contains a special Tor-enabled security-hardened operating system. This will enable you not only to completely, securely anonymize yourself, it will also give you the ability to take your show on the road and safely access the underworld from just about any computer with an Internet connection, even the ones in the library. There are several options to choose from in such an operating system; two very good choices are Tails, and Liberté Linux.
If you boot to one of these specialized operating systems, Tor will already be enabled, and you’ll be ready to go. Point the specially-modified browser at the Silk Road and you’re there (please note that if you don’t have Tor installed and running correctly, though, you’ll get “404 Not Found” or your DNS provider’s equivalent instead).
OK, so you’ve created a Silk Road account and logged into that. What now? You can feast your eyes to your heart’s content, but how do you buy anything, and what is the weird pricing system all about?
That’s the other part of the Deep Web equation: anonymized money. Silk Road’s transactions (totaling over 1.2 million US dollars per month in 2012) are conducted using Bitcoin, an electronic currency introduced in 2009 that was designed with your privacy in mind. So, before you can buy anything on Silk Road, you’ll need to acquire some bitcoins. There are several ways to do this, and more all the time; just in the last few weeks, a Bitcoin ATM was announced for use in public spaces. The most common way of obtaining bitcoins is to go through a site like Mt. Gox; this method involves a trip to a local bank to finalize the transaction, which places bitcoins in your encrypted ‘wallet’ to be spent online. As Bitcoin achieves greater recognition and acceptance, even easier methods of trading non-virtual currencies for bitcoins should quickly become trivial and routine.
Just buying bitcoins isn’t enough; you’ll also need to use a mixing service or three if you want your transactions to remain truly anonymous. You’ll need to pick your mixing services judiciously; they also operate anonymously, and a fly-by-night operation could simply disappear with your bitcoins. Do your due diligence! As a general rule, anyone you do business with anonymously should have a reputation that is worth much more to them than your transaction.
Now you can buy, but who can you trust? If everyone’s anonymous, what’s to stop vendors on Silk Road from simply keeping your money and sending you nothing at all?
Fortunately, Silk Road provides both an escrow service and a reputation system. Do your due diligence and shy away from the early funds release option, and your transaction is assured. Your bitcoins won’t be handed over to the seller until you both agree that the deal was completed fairly.
Safely communicating with vendors is also an issue. You’re going to have to give them a name and address to ship to at some point, so take steps to keep anyone in between you from sniffing that information out of the packets of data you transmit as they travel through the cloud from server to server. Make sure you use a dedicated e-mail account, and encrypt your messages in both directions with PGP or the free alternative GPG. . . or take the easy way out, and get yourself a Hushmail or Tor Mail account.
How PGP works
Finally, you’ve got to receive the product. It might be advisable to limit your purchases to vendors in your own country; Silk Road allows you to declare a country for your account (or not), and provides a handy “domestic only” checkbox at the top of every search page. You’ll need a name and address; PO boxes are commonly used and if you’re in America the USPS is highly recommended over other carriers like UPS or FedEx, simply because the Post Office handles such an immensely larger volume of mail and packages than the alternatives.
Volumes have been written about secure shipping, and indeed, there’s a great deal more to say about all of this. This article should be considered the tip of the iceberg; it will give you enough information to get started, but by “get started” I mean “do a lot more reading.” It’s no small or simple thing to free yourself of the burden of an obsolete old paradigm, especially when the corpse is still violently thrashing around and hurting people who try without first preparing themselves adequately. All the information and resources you need are available to you, but it’s up to you to put in the study time necessary to master the tools you’ll need.
Proceed with caution!